Head of IT Governance, Compliance & Security (all genders)

The company's IT is subject to strict financial supervision; the European DORA Regulation has been in force since 2025. This sets out comprehensive requirements for the relevant IT processes, in particular for IT operations and IT infrastructure. Your role with us will include the following:

Supervise the work of the ITSO/IGA-IAM team (2 FTEs) in coordination with the CISO and all LD1 stakeholders in IT, Corporate functions and Business Operating Departments.

You will also have your own IT Compliance role. On the role, you will:

• Support the implementation, maintenance and continuous improvement of IT compliance and governance frameworks in line with regulatory requirements (e.g. DORA, ISO 27001)
• Monitor compliance with internal IT policies, procedures and external regulatory requirements (e.g. BaFin expectations)
• Support the execution, testing and documentation of IT controls (ITGCs) across systems, applications and infrastructure
• Support internal and external audits by collecting audit evidence, preparing documentation and tracking remediation actions
• Help identify, assess and monitor IT risks, control deficiencies and mitigation measures
• Review and monitor compliance of access management, change management and incident management processes
• Maintain compliance-related documentation such as policies, procedures, control frameworks and risk registers
• Monitor compliance KPIs and contribute to reporting on audit findings, risk exposure and remediation status
• Track corrective actions and remediation plans
• Collaborate with IT, Security and business stakeholders to ensure regulatory requirements are properly implemented
• Contribute to awareness initiatives related to IT compliance, data protection and regulatory obligations

We are looking for a structured, detail-oriented and reliable professional with a strong understanding of IT compliance, governance and regulatory environments.

You are comfortable working in audit-driven contexts and interacting with internal stakeholders as well as auditors and regulators.

• 5-7 years of professional experience in IT Compliance, IT Audit, IT Risk or Cybersecurity Governance, ideally in a regulated environment (e.g. financial services)
• Degree in Information Technology, Computer Science, Business Information Systems, Audit or a related field
• Good understanding of IT compliance, risk management and internal control frameworks
• First experience with regulatory frameworks such as DORA, BaFin guidelines, ISO 27001 or similar
• Experience supporting internal or external audits, control testing and remediation tracking
• Good understanding of IT general controls (ITGCs), including user access management, change management and incident management
• Ability to document policies, procedures, controls and audit evidence in a clear and structured way
• Good understanding of IT security, data protection and identity and access management concepts

Tools & practical skills:

• Familiarity with GRC and compliance tools
• Good Culture about Cybersecurity, IGA, IAM
• Experience with ticketing and documentation tools (e.g. Jira, Confluence, etc.)
• Basic knowledge of identity and access management tools (e.g. Active Directory / Microsoft Entra ID)
• Strong proficiency in Microsoft Excel for audit tracking, control monitoring and reporting
• General understanding of IT systems, applications and cloud environments
• Strong analytical skills and attention to detail
• Structured and reliable working approach
• Team-oriented mindset with strong communication abilities
• Fluent English and German, both written and spoken (C1/C2 level required)

• The opportunity to design and develop the IT Security for the future within a dynamic, growing company
• Flat hierarchies, quick decision-making processes and an agile working environment
• An attractive remuneration package, flexible working arrangements and a modern working environment
• A modern office in a convenient location in Düsseldorf
• Hybrid working model (2-3 per week days onsite in Düsseldorf)
• A collegial, highly motivated team

BlackFin Capital Partners is seeking a Head of IT Governance, Compliance & Security (all genders) to join the team at a new portfolio company in Germany. The company in question is one of the leading asset management firms in Germany and offers institutional investors solutions for structuring diversified investment portfolios. The company currently manages assets under administration totalling over €400 billion. To strengthen our team, we are looking for colleagues who will work with us to build and further develop the company. BlackFin Capital Partners is an investor specialising in Europe, focusing on investments in financial services companies with growth potential. BlackFin established a branch in Frankfurt in 2018 and has been actively investing in the DACH region since 2013. The company currently manages a fund volume of over €4 billion and invests capital from its two most recently launched funds: the BlackFin Financial Services Fund IV with a volume of €1.8 billion and the BlackFin Tech 2 with a volume of €390 million. About the company's IT: As with all financial firms, IT is of paramount importance to our company. The company's products and services are supported by around 60 specialised IT application systems. These are mostly standard software, such as Simcorp Dimension as the central fund accounting system, supplemented by a number of in-house developed systems as well as systems for corporate functions such as financial accounting, HR, compliance and non-financial risk management. Whilst the systems for the core business are mostly operated on-premises in two data centres belonging to a European IT infrastructure service provider, cloud-based SaaS solutions are increasingly being used for corporate functions. Naturally, all employees are equipped with the relevant IT workplace functions, which are expected to be procured and operated via an IT service provider.